Noted briefly before I forget again. Values in uppercase and prefixed by a $ are placeholders, which could differ on your machine.
First, check your version of GPG:
$ gpg --version
gpg (GnuPG) 2.2.17
libgcrypt 1.8.3
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: $HOME/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
Then, create a new key:
$ gpg --full-generate-key
gpg (GnuPG) 2.2.17; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 5y
Key expires at $DATE_IN_FUTURE
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: Your name
Email address: firstname.lastname@example.org
Comment:
You are using the 'utf-8' character set.
You selected this USER-ID:
    "Your name <email@example.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?
What happened here? The wizard first asks you about the purpose of the key. RSA stands for Rivest–Shamir–Adleman, a public-key algorithm that can be used for both encryption and signing. DSA is the Digital Signature Algorithm, which is not that popular any more.
I want to use the key for encrypting emails, thus I pick
The bit length should be a minimum of 2046. As technology advances, shorter keys become easier to crack, while longer keys stay harder to break. So I go for 4096 to be somewhat future-proof.
You can decide to let the key expire. Some people do that, some don't. Since I want to somewhat limit the harm a lost key could do, I limit it to five years. This way I have to create a new key once the old one has expired. Keep in mind that you will lose all the trust put in this key once it has expired.
Now enter the name and email address you want to be publicly attached to this key. Make sure the character set is utf-8.
Double-check everything and then confirm the input. Now, go do some browsing to create some entropy and let your computer do the work.
gpg: Key $GPG_ID was marked as ultimatively trustworthy.
gpg: Directory `$HOME/.gnupg/openpgp-revocs.d' created
gpg: Revocation cert was saved as '$HOME.gnupg/openpgp-revocs.d/$KEY.rev'.
Public and secret key created and signed.
pub   rsa4096 YYYY-MM-DD [SC] [expires: YYYY-MM-DD]
      $KEY
uid           Your name <firstname.lastname@example.org>
sub   rsa4096 YYYY-MM-DD [E] [expires: YYYY-MM-DD]
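Before uploading, the choices made in the wizard (RSA, 4096 bits, an expiry date) can be checked against gpg's machine-readable listing. The script below is an added example, not part of the original notes; the function names, key IDs and timestamps in the sample listing are constructed, and it assumes the expiry field holds epoch seconds, as GnuPG 2.x prints by default.

```sh
#!/bin/sh
# Added example: check `gpg --list-keys --with-colons` output against the
# choices made in this post (RSA, 4096 bits, an expiry date).
# Colon-format fields used: 1 = record type, 3 = key length,
# 4 = algorithm (1 is RSA), 5 = key ID, 7 = expiry (empty = never).
# Assumption: field 7 is epoch seconds, the GnuPG 2.x default.

# audit_keys MIN_BITS NOW_EPOCH
# Reads a colon listing on stdin, prints one verdict per pub/sub record,
# and returns 1 if any record misses the policy.
audit_keys() {
    awk -F: -v min="$1" -v now="$2" '
        $1 == "pub" || $1 == "sub" {
            problems = ""
            if ($4 != 1)                problems = problems " not-RSA"
            if ($3 + 0 < min + 0)       problems = problems " short-key(" $3 ")"
            if ($7 == "")               problems = problems " no-expiry"
            else if ($7 + 0 <= now + 0) problems = problems " expired"
            if (problems == "") printf "OK   %s %s\n", $1, $5
            else { printf "FAIL %s %s:%s\n", $1, $5, problems; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample listing (key IDs and timestamps are made up):
# a 4096-bit RSA key with an encryption subkey, then an old DSA key.
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:AAAAAAAAAAAAAAAA:1567296000:1725062400::u:::scESC::::::23::0:
uid:u::::1567296000::0000000000000000000000000000000000000000::Your name <you@example.org>::::::::::0:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1567296000:1725062400:::::e::::::23:
pub:u:1024:17:CCCCCCCCCCCCCCCC:1200000000:::u:::scESC::::::::0:
EOF
}

# Demo on the sample with a fixed "now" (also constructed).
# Real use: gpg --list-keys --with-colons "$GPG_ID" | audit_keys 4096 "$(date +%s)"
sample_listing | audit_keys 4096 1600000000 || echo "policy violations found"
```

The non-zero return status makes the check usable as a gate in a script that runs before the key is published.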
Now, you need to upload the key so others can contact you. Since the key servers sync their keys among each other, it doesn't matter much to which key server you are sending your keys. I am using Seahorse for key management.
But I want to show you how to do it on the command line here:
$ gpg --send-keys $GPG_ID
gpg: sending key $GPG_ID to hkp server $HKP_SERVER
You can find my key now: 93BE0EAD9D091300.